Seeburger AS2 - Negative MDN response.

Similar Messages

• Seeburger AS2 Adapter: "MDN not signed"

  Dear all,
  we just updated our test system from XI 3.0 to PI 7.1. Now we are facing a problem with our Seeburger AS2 Adapter.
  I sent out a message via AS2 and get the follwing error message in Seeburger AS2 Monitor:
  "MDN not signed"
  In the Receiver Communication Channel I checked the Option "Sign MDN". In XI 3.0 this Scenario was working perfectly. So I contacted our communication partner and asked them if our AS2 message really contained a request for a signed MDN. Our commnucation partner confirmed and sent the MDN as text file to me. This text file shows that the MDN is signed. So it seems that the Seeburger AS2 adapter does not notice that the received MDN is a signed one. But why? Do you have an idea?
  Just for testing purposes I unchecked the "Signe MDN" option. In this case the transmission finished successfully.
  Who can help?
  Thanks
  Michael

  Dear Vikrant,
  many thanks for your reply. But I am not sure if we are really facing the same issue as you described it in your article.
  Currently we have this situation:
  When I send out a message the Seeburge Workbench provides only the following error message:
  "MDN not signed"
  Via the Recovery Monitor I can check the received MDN. Here I can see that the MDN is signed and positive.
  In the Runtime Workbench I checked the following:
  1. In the Message Monitor (Adapter engine) the message is in status "System Error". Here are the details:
  Message could not be forwarded to the JCA adapter. Reason: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: Negative synchron MDN received., SEEBURGER AS2: Negative synchron MDN received.
  Adapter Framework caught exception: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: Negative synchron MDN received., SEEBURGER AS2: Negative synchron MDN received.
  Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: Negative synchron MDN received., SEEBURGER AS2: Negative synchron MDN received..
  2. The Communication Channel Monitor shows the following error messages:
  Error type: REPORT_ERROR >> Error date: 12/14/10 12:02 PM >> Description: MDN not signed [12/14/10 12:02 PM]
  Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: Negative synchron MDN received., SEEBURGER AS2: Negative synchron MDN received.
  I do not understand why the MDN is recognized as negative and unsigned even if the plain text version of the MDN shows that it is signed and positive.
  In your article you recommend to create a sender communication channel for MDN and a corresponding sender agreement. We already did that in XI 3.0 to forward the MDN as STATUS IDOC to SAP ECC.
  Maybe you have an additional idea?
  Thanks
  Michaek

• Seeburger - async receiving MDN problem- no binding found for AS2

  Hi guys!
  We have configured AS2 receiver adapter but during receiveing Async MDN we get following error (sending of message is successful) :
  Cannot receive async MDN: com.seeburger.as2.exception.AS2PluginException: Inbound communication from 90586 to 22266 not allowed: com.seeburger.conf.BackingStoreException: Unable to execute query because: com.seeburger.xi.config.ConfigException: No binding found for: AS2, http://seeburger.com/xi, Gloria, R3
  Note: Gloria & R3 are names of XI identifiers (scheme: XIParty) and 22266 & 90586 are names from AS2ID scheme - alternative identifiers.
  22266 - is sender of original message
  90586 - is receiver
  What is wrong on the settings? Why the sending message uses alternative identifiers and incoming MDN does not?
  Thanx for answers & suggestions!
  Peter

  Hi Peter
  checkm this thread discuss the same ..... hope it will solve ur all querry
  Seeburger AS2 Adapter No binding found for: AS2, http://seeburger.com/xi
  Thanks !!!
  Questions are welcome here!!
  <b>Also mark helpful answers by rewarding points</b>
  Thanks,
  Abhishek Agrahari

• Seeburger AS2 receiver adapter conf PI 7.1

  Dear All,
  I have seen a changed AS2 adapter on PI 7.1,the options are totally different than what we have in previous version of AS2 adapter.
  I am looking for seeburger AS2 adapter documents and configuration steps for PI7.1 version.
  Any inputs...
  chirag
  Edited by: Chirag Gohil on Sep 8, 2010 5:03 AM

  AS2Receiver:
  ModuleName: localejbs/ModuleProcessorExitBean
  Type: Local Enterprise Bean
  Module Key: Exit
  -_Module Parameter_-
  Module Key: Exit
  Parameter Name: JNDIName
  Parameter Value: deployedAdapters/SeeXIAS2/shareable/SeeXIAS2
  -_Parameters Tab_-
  HTTP
  Server - Computer with listening AS2 Server
  Port - Port of the endpoint with listening AS2 Server
  URL Path - Path to the endpoint with listening AS2 server
  HTTP Timeout - Timeout in seconds for waiting for server's response
  HTTP Keep Alive - If enabled, the HTTP session is re-used. This optimizes the performance.
  Basic Authentication
  User - User for basic authentication
  Password - Password for basic authentication
  Realm - Realm for basic authentication
  Proxy
  Proxy Server - Your proxy server
  Proxy Port - The port of the proxy server
  Proxy User - User for optional authentication
  Proxy Password - Password for optional authentication
  Proxy Protocol - Select either - HTTP 1.0 or -HTTP 1.1
  AS2
  Compress - Select this option if the payload is to be compressed
  Sign - Select this if the payload is to be signed
  Signing Algorithm - Select an algorithm which is applied for signing the payload; we recommend "SHA-12"
  Encrypt - Select this, if the payload is to be encrypted
  Encryption Algorithm - Select an algorithm that is used for encrypting the payload; we recommend "RC2/128" or "3DES"
  MDN Mode - SYNC to request a synchronous MDN; ASYNC to request an asynchronous MDN; NONE if no MDN is required
  Receipt Delivery Address - Enter the URL of the Asynchronous MDNs that are to be delivered (i.e. the URL of your own AS2 server)
  MDN Timeout - Enter a time period (in min), after which an outstanding asynchronous MDN will be interpreted as an error. The value "0" means no timeout
  Sign MDN - Select this option, if the MDN is to be signed
  Message Subject - This text is sent to the server within the optional HTTP header "subject"
  Content Type - The content type should be set. A random content type can be set, but we recommend one of the following
  = "application/edifact" for EDIFACT files
  = "application/edi-x12" for ANSI X.12 files
  = "application/xml" for XML files
  = "text/plain" for plain text files
  = "application/octet-stream" for arbitrary binary files
  Delivery transmission report - A special transmission report is delivered to the report channel

• Seeburger AS2 -Message Dumping

  Hi All,
  We are able to receive and send  message from and to third party mail box successfully. But when we enable message dumping for debugging via J2EE Admin for AS2 Adapter we are not able to receive message from the third party mail box.
  As per  SEEBURGER EDIINT AS2 Adapter for SAP Exchange Infrastructure 3.0 document it is given as follows
  "For debugging purposes, it is possible to dump the complete AS2 message or MDN to a directory on the SAP XI Server. The outbound and incoming AS2 messages are stored with complete HTTP headers. This also applies to the outbound and incoming MDNs."
  So can anyone provide help to solve the issue.
  Regards,
  Prakash

  Hi Prateek,
    If message dumping is enabled then message is not reaching to the AS2 server  and third party mail box receiving some error as not able to send message to the partner.
  If meesage dumping is disabled then the message is reaching to the AS2 server successfully.
  As we need to communicate with two mail box .So message exchange with one mail box is successfull and when second mail box pushes data to our As2 server it is not reaching and the partner is telling that negative MDN is received.
  But when we check in the seeburger monitoring message from the second mail box is not shown, as i know that negative MDN is sent in cases like decryption is failed.
  For debugging the above case message dumping is enabled and checked with the first mail box but it is also failing as I explained previously.
  Seeburger Version is 1.7.1
  So can you provide some solution to solve the issue with message dumping.
  Regards,
  Prakash

• As2 receiver channel, SEEBURGER AS2: 500 Internal Server Error

  Hi,
  There is one scenario in our landscape, its running in production, Proxy to As2. The interface working fine for last 2 weeks, today its showing error in As2 receiver channel saying
  Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: 500 Internal Server Error # , SEEBURGER AS2: 500 Internal Server Error #
  I have searched in forum, but couldnt get much idea on why this error encounters and how can we resolve it.
  Kindly provide your inputs to help me resolve this.
  Thanks,
  Ruchi

  Hi Ruchi,
  500 means the requested server does not understand the request (the requested service is unknown). The reason is obvisiously outside of PI. You have to contact the 3rd party owner and ask why the system is refusing the request instead of responsing like before.
  Regards,
  Udo

• Seeburger AS2 Communication Channel Error

  Hello,
  when trying to send a test message to the AS2 receiver communication channel I get the following error in communication channel monitoring:
  javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: ResourceException caused by com.seeburger.xi.api.cci.SeeXIDeliveryException: SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Failed to get configuration from DTREQUEST and DATABASE.., SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Failed to get configuration from DTREQUEST and DATABASE.., ResourceException caused by com.seeburger.xi.api.cci.SeeXIDeliveryException: SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Failed to get configuration from DTREQUEST and DATABASE.., SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Failed to get configuration from DTREQUEST and DATABASE..
  Have you ever got a similar error? Seems to be a configuration error of the adapter installation itself rather than a problem with configuration objects or the receiver channel.
  Do you have any idea?

  Hi Florian,
  Please provide info if there is a need for any Sender agreement in case we select "Synchronous" mode for MDN and Handle Received MDn as "NoAction".
  I am also getting the below error for my scenario (IDOC --> XI --> AS2)
  Description: AS2 Adapter failure Outbound configuration error: Failed to get configuration from DTREQUEST and DATABASE.. com.seeburger.as2.AS2Plugin.execute
  Thanks and regards
  Ajay Garg

• Client Auth  and SSL with Seeburger AS2 adapter

  Hello All,
  We are using the Seeburger AS2 adapter in our landscape and I am in the process of setting the same up and have made quite some progress in all my issues.
  and I  hope that you will be able to help me out.
  1. Server SSL on Receiver AS2 adapter
  I am sending a message from XI using the Receiver AS2 adapter to my AS2 test tool using Server SSL.
  This is working perfectly fine. In my AS2 adapter I have selected HTTPS as the protocol and the message goes via SSL to the target test tool, is processed and the MDN comes back to XI perfectly.
  The issue here is :
  Irrespective of what is provided in the Server Certificate ( Keystore) , the message goes to my target test tool. I even left this field blank with no certificate entry and still the SSL connection was established and the message went to the target system.
  Is there no validation that XI does here? I am lost what is the use of this entry Server Certificate if XI blindly accepts all SSL connections.
  I am using a Decentral Adapter Engine with LoadBalancer.
  2. Client Auth on Receiver AS2 Adapter
  I tried to perform Client Authentication by proving my Server's private key in the AS2 adapter. The corresponding public key is loaded in my partner's Keystore.
  XI error's with the error "SSL handshake failed - Bad Certificate" .
  I am not sure why XI is erroring out here and I have a feeling that I have misunderstood the use of the fields in the AS2 adapter,
  Server Certificate ( Keystore) and Private Key for Client Authentication.
  Has anyone tried this? If further details are needed, I will be able to furnish the same.
  Regards,
  Bhavesh

  Hello Jens,
  Thanks for your reply.
  1. The Encryption and Signature part of the Interface is working absolutely fine and I use the same concept highlighted by you - The Sender always signs the message with his private key and encrypts with message with the partner's public key in the corresponding agreement.
  2. Server SSL is also working perfectly fine, i.e, when XI initiates the connection the SSL connection is established to the partner.
  3. Mutual Auth was the issue where I was getting the bad certificate issue.
  To investigate further I moved the same setup to my Central Adapter Engine and all the issues I had described above seem to have vanished and things work exactly as I was expecting, ie.
  The field : Server Certificate (Keystore) is used to provide the Target System's Server SSL's public Certificate.
  The field : Private Key for Client Authentication is used where XI provides its own Server SSL's private key for Mutual / Client Authentication.
  The problem seems to be with my Decentral Adapter engine and not my central adapter engine and so I guess,
  1. I either have the incorrect certificates on my Decentral Adapter Engine.
  2. I also have 2 instances of a Decentral Adapter Engine with a Webdispatcher and so maybe the 2 Visual Admin's of the 2 Decentral AE are inconsistent.
  3. Maybe it was just a long day and I did something wrong
  Will investigate further for the root cause but I am glad that my concepts remain intact and things do work as I expected them to work.
  A blog on all this is on the cards sometime soon.
  Cheers,
  Bhavesh

• SEEBURGER AS2 adapter test

  Hi
  I am trying to test AS2 adapter. I configured sender file channel and Receiver AS2 channel. i also configured the mdn report channels. But my AS2 receiver channel is failing saying mdn report channels are missing.
  Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Failed to get configuration from DATABASE. MDN requested, but appropriate report channel is missing. Missing inbound relation between AS2From: 'XXXX_Qx2' and AS2To: 'XYZ_QX1'., SEEBURGER AS2: AS2 Adapter failure # Outbound configuration error: Failed to get configuration from DATABASE. MDN requested, but appropriate report channel is missing. Missing inbound relation between AS2From: 'XXXX_Qx2' and AS2To: 'XXXX_Qx1'.

  Hi,
  Please check following thread
  Re: File ->AS2 error?
  Regards,
  Deepak.

• Seeburger AS2 sender comm channel config

  Hello,
  I have to put in place a scenario for message reicipt of EDI messages via Internet using AS2 on http.
  We use the seeburger AS2 adapter.
  I try to configure the AS2 sender adapter, but there are many options, which I do not know how to fill, and which aint documented either.
  I use the following config:
  Tranport Protocol: http
  Message Protocol:AS2
  Adapter Engine: Integration Server
  AS2 Authentification neccessary: When do I have to set this?
  Message Title: *
  Asynchronous MDN configuration
  SSL certificate alias: where do I get this from?
  SSL client certificate: what do I put in here?
  use proxy: Do I specify the data of our SAP Web dispatcher here?
  Thanks
  Matthias

  HI,
  See the below links
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/135b0b94-0701-0010-f6a9-86a14057544a
  /people/bla.suranyi/blog/2006/06/08/sap-xi-supports-edifact
  /people/william.li/blog/2006/03/17/how-to-get-started-using-conversion-agent-from-itemfield
  /people/paul.medaille/blog/2005/11/17/more-on-the-sap-conversion-agent-by-itemfield
  http://www.stylusstudio.com/edi/XML_to_X12.html
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b0b355ae-0501-0010-3b83-8f2bb566fa47
  Details on XI EDI adapter from seeburger
  Check this for Conversions-
  /people/bla.suranyi/blog/2006/06/08/sap-xi-supports-edifact
  http://www.seeburger.it/fileadmin/it/pdf/2005_04_sapphire_Ferrero_transcript.pdf
  http://www.seeburger.com/fileadmin/com/pdf/Butler_Group_SEEBURGER_Technology_Audit.pdf
  http://www.seeburger.com/fileadmin/com/pdf/AS2_General_Overview.pdf
  SAP Adapters
  EDI with XI
  http://www.seeburger.com
  http://www.seeburger.com/fileadmin/com/pdf/SEEBURGER_SAP_Adapter_engl.pdf
  http://www.sap.com/france/company/events/2006/02-01-Automotive-Seeburger.pdf
  http://h41123.www4.hp.com/presentations/ISUG/XISeeBurger.ppt
  http://www.sap.com/asia/company/events/nwtechdays/presentation/australia-slides/Pre-Built_Integration.pdf
  seeburger adapter configuration
  Regards
  Chilla

• Seeburger AS2 Adapter error

  Hi,
    I'm trying to test AS2 connection with External system and got some errors.
    I'm able to send message successfully to the external system with MDN Mode Synchronus with out any errors and got the MDN back, I changed the MDN mode to Asynchronus and got the below error. Do we need to do any extra configuration for Asynchronus mode MDN?
  Waiting for your valuble suggestions.
  Error message : Error in unkown channel: (No session available) >> Error type: COMMUNICATION_ERROR >> Error date: 9/23/10 2:19 PM >> Description: 500 - Internal Server Error: Error while handle incoming request: java.lang.NullPointerException: while trying to invoke the method java.lang.String.toUpperCase() of an object returned from com.seeburger.as2.tasks.result.MDNDecomposerResult.getMdnOriginalMessageID() [9/23/10 2:19 PM]
  Thanks,
  Kishore

  Hi,
    Sorry for the late reply.
    Receipt Delivery Address : Enter the URL of yr own AS2.
    Yes, I specified our AS2 address as http://xxxx:50000/SeeburgerAS2/AS2Server
    Time Out: What you have given.
    10 min
    In case of asynchronous MDN mode, an Report channel and Sender agreement always have to be configured also when u201CRefer to XI systemu201D is disabled
  Yes, I have created Sender agreement and Sender communication channel with Message protocol as Reports.
  Thanks,
  Kishore

• Seeburger AS2 Adapter Error :AUTHENTICATION_ERROR

  i am doing the scenario for Purchase Order -> XI ->File
  custumer is posting the purchase order
  and XI Receives the PO using AS2 Adapter (Seeburger) and sends the output as File
  i have done all the AS2 Adapter configurations as mentioned below but still i am getting the error in Seeburger Monitoring, the Error is Authentication_Error
  1. Communication chennel
    Adapter Type : AS2
    Direction : Sender
  Transport protocol : HTTP
  Message Protocol : AS2
  AS2 : Authentication Required is Enabled
  Message Subject : Filled which is in Seeburger Monitor
  2. Sender Agreement
  Sender Communicational chennel which is created above
  Security Setting
  AS2 Sender Config :
  Authentication Certificate : Customer public key
  AS2 Receiver Config :
  Decryption Key : Private key
  3. in Party Identifiers
  Party Name
  AS2 ID
  is there any settings missing to rectify the error "AUTHENTICATION_ERROR"

  Hi
  Check with PIAPPLUSER authentication
  With this Check the following content on AS2 may be you get more clue.
  http://www.customware.net/repository/display/WMFAQ/AS2-authenticationfailureinreceivingEDIINT+MDN
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/135b0b94-0701-0010-f6a9-86a14057544a
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bpxproj/edi%2bwith%2bpi
  Handling EDI interfaces using Seeburger BIC modules
  Thanks
  Gaurav

• Seeburger AS2 "Unable to find trust alias name"

  Colleagues,
  I receive the com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException
  message plus the "unable to find alias name TRUSTED\" when I attempt to transmit an outbound EDI document using Seeburger's AS2 adapter.
  It appears that the AS2 adapter cannot find the key store that holds the certificates I am using.   
  There also was the following message:
  "JCA error: Unable to forward message to JCA adapter.  Reason:  FatalExcetpion: com.sap.aii.rf.ra.cci.XIDeliveryException.  Seeburger AS2 HTTP- Client component # failed java.security.PriviligedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException"
  Am I missing some configuration that points the to the keystore I need ?
  All responses appreciated.
  Regards,
  Andy

  Hi Sajal,
  Try this:
  follow these steps:
  ->Launch the Visual Administrator
  ->Goto to Services…Key Storage
  ->Choose load and select the file containing the certificate (.cer or .crt file)
  As the XI configuration will refer to the certificate by name, the name should be somewhat self-describing. The certificate name should not include any date or time.
  Reward points if this helps
  Regards
  Pragathi.

• AS2 asnyc MDN not working

  Hi,
  I have setup my config in SeeBurger AS2 adapter in SAP PI 7.11 to send a file to our trading partner via AS2-HTTPS with async MDN requested. I got the an error in seeburger message monitoring : "Sent AS2 message successfully to partner - waiting now for asynchrone MDN"
  We are still not able to received the async MDN from our partner. Wonder if anyone of here had encountered similar problem before? Please share your experience.
  My config:
  1. HTTPS-AS2
  2. Signed Msg
  3. Encrypted Msg
  4. Request async MDN (Not signed) by provided our HTTPS AS2 URL in receipt delivery address, no MDN time out.
  5. Create virtual sender aggrement for MDN report with accepting same message title with AS2 receiver aggrement message titile.
  *Tested the same receiver agreement config with No MDN and Synchronous MDN. All successfully.
  Thanks!
  SP

  Hi,
  We are also facing the same problem. But I want to tell you few points which you need to make sure....
  virtual party and communication component that you've used in Sender agreement of Reports channel  shouldbe same as that of party & component used in Header mapping  of actual receiver agreement. And, there should not be more than two sender agreements for MDN reports channel for same set of sender and receiver party.
  One request from my side is... please let me know if your issue got resolved so that it'll be helpful for me too.
  Regards
  Priyanka

• Renewing public key certificate used for Seeburger AS2

  My general question is when a public key certificate, used for Seeburger AS2 payload decryption and digital signatures, needs to be renewed, how carefully do the certificate renewal steps need to be coordinated for a seamless transition?  More specifically...
  1. Once we import the CSR response from the CA, will the public key currently used by our partner become invalid, or will it continue to work until its expiration date? 
  2. Will our partner be able to validate our signature after the new CSR has been imported, but prior to them applying the new public key certificate in their system? 
  3. Or can we renew the certificate, import the CSR request, provide our partner with the renewed certificate, and let them apply the certificate at their own volition, provided they do it prior to the original certificate expiration?

  Hi Kurt
  In my experience, the renewal/replacement of AS2 certificates for encryption/decryption & signing/authentication requires coordinated effort on both sides.
  This is because AS2 uses asymmetrical encryption, so both parties need to use the same pair of certificates at the same time, i.e. you encrypt on your private key, and partner decrypt on the public key matching your private key. If the keys used do not belong to the same pair, then decryption will not work.
  I'm not sure what AS2 software your partner uses and if it has the feature of automatic rollover of certificate, but PI/Seeburger does not. The approach in PI/Seeburger can either be one of the following:-
  i) import new cert replacing original cert of the same name
  ii) import new cert into new name, manually update sender/receiver agreements
  Due to the manual nature of the tasks, normally it requires coordinated effort during a cutover window.
  Rgds
  Eng Swee